Improper URI Scheme Handling in Emacs Text Editor by Red Hat
CVE-2025-1244

8.8HIGH

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8; Red Hat Enterprise Linux 9
Vendor: CVE Published:; 12 February 2025

Summary

A vulnerability exists in the Emacs text editor that stems from improper handling of custom 'man' URI schemes. This flaw enables attackers to execute arbitrary shell commands by deceiving users into visiting specially crafted websites or HTTP URLs containing redirects. Users should remain vigilant and avoid visiting untrusted links to mitigate potential exploitation.

References

https://access.redhat.com/security/cve/CVE-2025-1244

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2345150

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 12, 2025
Vulnerability Reserved
Feb 12, 2025

Credit

Red Hat would like to thank Vasilij Schneidermann for reporting this issue.